On the trail of Advanced Persistent Threats...

These days, APTs (Advanced Persistent Threats) are driving a lot of security chatter - and consuming a fair amount of energy.

But is that sort of zoomed-in attitude to security actually good for us?

In our RSA Conference Special podcast, for example, live from San Francisco, Sophos Naked Security writers John Shier and Chester Wisniewski touched on this as one of the key concerns at the event.

John Shier (2'37"): [The hot technology at the conference is] "data analytics." If you look at even some of the [well-known] vendors, there's always this "data-and-APT" feel to everything people are talking about. "How do I protect my data from the APTs" is really the common theme across many of the vendors here.

John's point was that the focus on APTs in particular was pushing (or pulling) people away from viewing computer security in a holistic way.

Indeed, although "APT" strictly describes the adversary (a well-resourced attacker who keeps coming back) rather than any particular piece of code, the term has come to be applied to a rather narrow subset of malware, specifically those threats concerned primarily with intelligence gathering or espionage.

And this narrow focus, combined with the fact that "how to protect against espionage and intelligence gathering" sounds much more important and exciting than "how to keep the bad stuff out and the good stuff in", is what led John to make the observation we quoted above.

What should you do?

Should you think broadly, and aim for the inescapably practical and effective goal of keeping the bad stuff out and the good stuff in?

Or should you go deep and concentrate exclusively on the scarier-sounding challenge of how to protect against espionage and intelligence gathering?

How do you decide?

Well, popular SophosLabs writer Gabor Szappanos (Szappi) can help.

He's been doggedly tracking a fairly specific set of espionage-style APTs over the past year.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009.
Follow him on Twitter: @duckblog